[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug ld/29939] New: -z pack-relative-relocs --no-keep-memory -pie tries
|
From: |
arsen at aarsen dot me |
|
Subject: |
[Bug ld/29939] New: -z pack-relative-relocs --no-keep-memory -pie tries to write a yet-to-be-loaded section content |
|
Date: |
Sat, 24 Dec 2022 10:29:26 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=29939
Bug ID: 29939
Summary: -z pack-relative-relocs --no-keep-memory -pie tries to
write a yet-to-be-loaded section content
Product: binutils
Version: 2.40 (HEAD)
Status: NEW
Severity: normal
Priority: P2
Component: ld
Assignee: unassigned at sourceware dot org
Reporter: arsen at aarsen dot me
Target Milestone: ---
GCC: gcc-12 (Gentoo 12.2.1_p20221217 p6) 12.2.1 20221217
LD: GNU ld (Gentoo 2.39 p5) 2.39.0, and GNU ld (GNU Binutils) 2.39.50.20221218
Binutils patches for the former:
https://dev.gentoo.org/~dilfridge/distfiles/binutils-2.39-patches-5.tar.xz
(though they should not be relevant, since they're mostly build issue related
things)
The latter is a clean build of 20d8836e4ac6e416fda53152d453328934a2ea46
(Most of the) relevant files: https://www.aarsen.me/~arsen/bfdbug.tar.xz
The above is missing some parts of the GCC distribution, but removing the LTO
and linker plugin bits suffices to work around that AFAICT (and I can still
reproduce after doing that)
Running cmdline from within
var/tmp/portage/net-libs/webkit-gtk-2.38.3-r500/work/webkitgtk-2.38.3_build/:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 bfd_putl64 (data=41888, p=0x0) at
/usr/src/debug/sys-devel/binutils-2.39-r4/binutils-2.39/bfd/libbfd.c:877
877 addr[0] = (data >> (0*8)) & 0xff;
(gdb) bt
#0 bfd_putl64 (data=41888, p=0x0) at
/usr/src/debug/sys-devel/binutils-2.39-r4/binutils-2.39/bfd/libbfd.c:877
#1 0x00007f8149508f38 in elf_x86_size_or_finish_relative_reloc
(is_x86_64=is_x86_64@entry=true, info=info@entry=0x557de9d62e20 <link_info>,
htab=htab@entry=0x557dea2eb5d0, unaligned=unaligned@entry=false,
outrel=outrel@entry=0x7ffd284ac870)
at
/usr/src/debug/sys-devel/binutils-2.39-r4/binutils-2.39/bfd/elfxx-x86.c:1546
#2 0x00007f8149509381 in _bfd_elf_x86_finish_relative_relocs
(info=0x557de9d62e20 <link_info>)
at
/usr/src/debug/sys-devel/binutils-2.39-r4/binutils-2.39/bfd/elfxx-x86.c:1912
#3 0x00007f8149538e80 in bfd_elf_final_link (abfd=0x557dea2e9490,
info=0x557de9d62e20 <link_info>)
at
/usr/src/debug/sys-devel/binutils-2.39-r4/binutils-2.39/bfd/elflink.c:12737
... on this fairly complex link. That block is:
(gdb) list
/usr/src/debug/sys-devel/binutils-2.39-r4/binutils-2.39/bfd/elfxx-x86.c:1546
1541 }
1542 else
1543 {
1544 if (rel.r_offset >= sec->size)
1545 abort ();
1546 htab->elf_write_addend
1547 (info->output_bfd, outrel->r_addend,
1548 (elf_section_data (sec)->this_hdr.contents
1549 + rel.r_offset));
1550 }
(gdb)
I ran a bisect for this error, and it'd appear to have been here since DT_RELR
was added in 5af6f000d88622107e7382d337af2884fd211da2
---
This combination of flags fails even for simple programs; a hello world
crashed, and so did even less:
[i] ~/gcc/binutils-bld/ld $ ld -z pack-relative-relocs --no-keep-memory -pie
/usr/lib/gcc/x86_64-pc-linux-gnu/12/crtbeginS.o
ld: warning: cannot find entry symbol _start; defaulting to 0000000000001020
Segmentation fault (core dumped)
... in the same place as the above.
I wrote a patch that does fix the simple case:
https://www.aarsen.me/~arsen/0001-ld.bfd-Fix-no-keep-memory-z-pack-relative-relocs-seg.patch
[i] ~/gcc/binutils-bld/ld 139 $ ./ld-new -z pack-relative-relocs
--no-keep-memory -pie /usr/lib/gcc/x86_64-pc-linux-gnu/12/crtbeginS.o
./ld-new: warning: cannot find entry symbol _start; defaulting to
0000000000001020
./ld-new: /usr/lib/gcc/x86_64-pc-linux-gnu/12/crtbeginS.o:(.text+0xa):
undefined reference to `__TMC_END__'
./ld-new: /usr/lib/gcc/x86_64-pc-linux-gnu/12/crtbeginS.o:(.text+0x3a):
undefined reference to `__TMC_END__'
./ld-new: a.out: hidden symbol `__TMC_END__' isn't defined
./ld-new: final link failed: bad value
[i] ~/gcc/binutils-bld/ld 1 $
... but it causes a file truncation error with the complex case:
[c] ~/.../webkit-gtk-2.38.3-r500/work/webkitgtk-2.38.3_build$ sh -x
../../../../../../../../binutils-bld/ld/cmdline
+ .../binutils-bld/ld/ld-new -plugin ...
../../../../../../../../binutils-bld/ld/ld-new: error:
bin/LLIntSettingsExtractor(.data.rel.ro.local) is too large (0x28 bytes)
../../../../../../../../binutils-bld/ld/ld-new: BFD (GNU Binutils)
2.39.50.20221218 internal error, aborting at
../../binutils-gdb/bfd/elfxx-x86.c:1566 in
elf_x86_size_or_finish_relative_reloc
../../../../../../../../binutils-bld/ld/ld-new: Please report this bug.
/home/arsen/gcc/binutils-bld/ld/ld-new: error:
bin/LLIntSettingsExtractor(.data.rel.ro.local) is too large (0x28 bytes)
In GDB:
Breakpoint 1, _bfd_abort (file=file@entry=0x555555753410
"../../binutils-gdb/bfd/elfxx-x86.c", line=line@entry=1566,
fn=fn@entry=0x555555753a40 <__PRETTY_FUNCTION__.7>
"elf_x86_size_or_finish_relative_reloc") at ../../binutils-gdb/bfd/bfd.c:1785
1785 if (fn != NULL)
(gdb) p bfd_error
$1 = bfd_error_file_truncated
(gdb)
This error gets set at _bfd_section_size_insane:
if ((ufile_ptr) sec->filepos > filesize || size > filesize - sec->filepos)
{
bfd_set_error (bfd_error_file_truncated);
return true;
}
I suspect I'm misunderstanding how loading and discarding sections for
!keep_memory works.
Sadly, I'm low on time for figuring out how to fix it properly.
PS: Sorry about the external links; I'm decently sure Bugzilla wouldn't like a
13MB archive.
--
You are receiving this mail because:
You are on the CC list for the bug.
- [Bug ld/29939] New: -z pack-relative-relocs --no-keep-memory -pie tries to write a yet-to-be-loaded section content,
arsen at aarsen dot me <=